
Troubleshooting network issues by capturing and sniffing network traffic via tcpdump

Symptoms

The following ESX network issues can be resolved by sniffing TCP/IP messages:

  • VMware VMotion fails at 10%
  • Connection fails to certain hosts and networks
  • Sessions to network services fail
  • Analyzing bandwidth and network services communication

Purpose

The following describes the basic concepts of monitoring network traffic:

  • To troubleshoot many network-related issues, the tcpdump utility can be used to capture TCP/IP traffic.
  • Analyzing network traffic requires an advanced understanding of the TCP/IP protocol stack to make sense of the captured TCP/IP messages.

This article emphasizes capturing and sniffing TCP/IP network traffic on an ESX host.

The ESX 3.x Service Console is equipped with the utilities esxnet-support and tcpdump for network troubleshooting.
 
To capture TCP/IP packets in and out of an ESX host:
  • esxnet-support: This ESX script uses the tcpdump utility to create a sniffer interface, capture ESX network traffic, and generate a tcpdump.gz file for later analysis.
  • tcpdump: This utility is shipped with ESX and runs on the Service Console (SC) TCP/IP stack. tcpdump is a command-line tool run as root from an ESX console connection to capture traffic in real time and display it on the console screen.

Resolution

Note: esxnet-support creates a dedicated portgroup and interface, but due to script errors, it may fail. If it fails, you must manually create a port group with proper security settings to accommodate esxnet-support script execution. For more information, see Capturing virtual switch traffic with tcpdump and other utilities (1000880).
 
To use esxnet-support from the command line:
  1. Run the following command:

    esxnet-support trace -z -p [port_name]

    Note: VMware recommends setting up a sniffer port on the vSwitch.

  2. Create a Service console port and name it cos_tcpdump. 
  3. Run the following command as root on the ESX console:

    esxnet-support trace -z -p cos_tcpdump

    Press Ctrl+C to stop the sniffer script.

    Note: This generates a dump file in the directory from which it was executed.

  4. The esxnet-support script generates the *.tcpdump.gz file. Use gunzip to extract the *.tcpdump.gz file.

  5. Use Network Protocol Analyzer utilities (such as Wireshark) to open and view the tcpdump file.  

    Note: VMware does not endorse or recommend any particular third party software utility, nor is the list above meant to be exhaustive.

  6. Run the following command to view tcpdump from the console command line: 

    tcpdump -i [interface name]
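
An offline first pass over the capture before opening it in a protocol analyzer, as an added example that is not part of the original VMware article: it reads the gzip-compressed file directly and lists TCP connection attempts (SYN) that never received a SYN-ACK, the pattern behind "Sessions to network services fail". It assumes the esxnet-support output is a classic libpcap file of untagged Ethernet frames; the function names, addresses and ports are constructed for illustration.

```python
import gzip, socket, struct

def unanswered_syns(gz_bytes):
    """Return sorted (client, cport, server, sport) flows whose SYN got no SYN-ACK."""
    data = gzip.decompress(gz_bytes)
    # Assumption: the capture is classic libpcap, as written by tcpdump -w.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    syn, synack, off = set(), set(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Untagged IPv4/TCP only; VLAN-tagged and truncated frames are skipped.
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        if (tcp[13] & 0x12) == 0x02:      # SYN without ACK: connection attempt
            syn.add((src, sport, dst, dport))
        elif (tcp[13] & 0x12) == 0x12:    # SYN+ACK: record it under the client's key
            synack.add((dst, dport, src, sport))
    return sorted(syn - synack)

def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet + IPv4 + TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_capture():
    """Constructed three-packet capture, gzip-compressed like a *.tcpdump.gz file."""
    frames = [_frame("10.0.0.5", "10.0.0.9", 40000, 443, 0x02),   # SYN, answered
              _frame("10.0.0.9", "10.0.0.5", 443, 40000, 0x12),   # SYN-ACK
              _frame("10.0.0.5", "10.0.0.7", 40001, 8000, 0x02)]  # SYN, no reply
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return gzip.compress(out)

if __name__ == "__main__":
    print(unanswered_syns(sample_capture()))
```

To run it on a real capture, pass the file's bytes, for example `unanswered_syns(open(path, "rb").read())`, where `path` is the generated *.tcpdump.gz file.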
